fix(iot): policies

bifravst · Jul 23, 2019 · 0f75122 · 0f75122
1 parent 0025bf7
commit 0f75122
Showing 1 changed file with 23 additions and 2 deletions.
diff --git a/cdk/stacks/Bifravst.ts b/cdk/stacks/Bifravst.ts
@@ -99,6 +99,23 @@ export class BifravstStack extends CloudFormation.Stack {
 						}),
 					],
 				}),
+				iot: new IAM.PolicyDocument({
+					statements: [
+						new IAM.PolicyStatement({
+							actions: [
+								'iot:Receive',
+								'iot:UpdateThingShadow',
+								'iot:GetThingShadow',
+								'iot:Subscribe',
+							],
+							resources: ['*'],
+						}),
+						new IAM.PolicyStatement({
+							actions: ['iot:Connect'],
+							resources: ['arn:aws:iot:*:*:client/user-*'],
+						}),
+					],
+				}),
 			},
 		})
 
@@ -154,11 +171,15 @@ export class BifravstStack extends CloudFormation.Stack {
 					{
 						Effect: 'Allow',
 						Action: ['iot:Connect'],
-						Resource: ['*'],
+						Resource: ['arn:aws:iot:*:*:client/user-*'],
 					},
 					{
 						Effect: 'Allow',
-						Action: ['iot:Receive'],
+						Action: [
+							'iot:Receive',
+							'iot:UpdateThingShadow',
+							'iot:GetThingShadow',
+						],
 						Resource: ['*'],
 					},
 					{